Scott Cantor reported that cURL does not properly handle fields in
X.509 certificates that contain an ASCII NUL ( ) character.
Specifically, the processing of such fields is stopped at the first
occurence of a NUL character. This type of vulnerability was recently
discovered by Dan Kaminsky and Moxie Marlinspike.

Impact

A remote attacker might employ a specially crafted X.509 certificate
(that for instance contains a NUL character in the Common Name field)
to conduct man-in-the-middle attacks.